Abstract: In the era of big data, personal information is not only a new type of resource, but also one of the key elements of social production and technological progress, so the protection and utilization of personal information should not be neglected. The sharing and flow of personal information and other reuse activities involve a change in the purpose of personal information processing, and the principle of purpose limitation established in China's Personal Information Protection Law ignores the special nature of personal information processing in scientific research scenarios, leading to generalization and closure of the boundary of personal information reuse. At the sacrifice of the value of the reuse of information, only considering the rights and interests of the subject of information and requiring complete symmetry of information control between the subject of personal information and the controller of information, the principle of purpose limitation established in China, on the one hand, lacks the differentiation of governance of the reuse of information and ignores the demand for reuse of personal information in the context of scientific research; on the other hand, the restricted limit of reuse induces the controller of information to break through the requirement of the clarity of the initial purpose of the collection of information, theoretically ignoring the public nature of personal information and impeding the realization of the value of the data, which reflects the imbalance between the protection of personal information and its use. Thus, these loopholes need to be addressed urgently. By introducing the theory of scenario consistency, the article examines and distills the framework of the scenario-based personal information reuse rules set up by the European Union under the dualistic combination of different scenarios and purposes. The personal information governance legislation represented by the European Union has constructed a differentiated governance linking scenarios and purposes and adopted a narrow-in, wide-out reuse restriction, which makes the subject of personal information as well as the processor of information assess the risk of information utilization by establishing the scale of flexible utilization of personal information in different scenarios to provide support for the progress of the digital economy and scientific and technological innovation. Therefore, on the basis of clarifying the limitations of the national legislation, we combine the theory of scenario consistency with the classification and hierarchical protection of data to form a comprehensive program for the protection and utilization of personal information. First, the relevance and risk factors should be taken into account in order to break through the boundaries of personal information reuse. China can determine whether the reuse of information is reasonable in terms of the degree of relevance and the degree of risk by combining all factors in the four elements, to break through the "closed" limits of reuse under the principle of purpose limitation and to broaden the boundaries of the reuse of information. The four elements are: the relationship between the purpose for which the information was collected and the purpose for which it was subsequently processed, the context in which the information was collected, the nature of the information and the impact of its further processing, and information security measures. Secondly, the "purpose exemption" privilege and risk control rules for the reuse of personal information are set up for scientific research scenarios. In terms of determining the degree of relevance of fair use, since scientific research activities involve significant public interest, further processing of information in this way should not be considered as a violation of the initial purpose limitation rule. On the other hand, in terms of determining the level of risk in fair use, the "purpose exemption" privilege requires the control of the risk of the information, complementing the additional safeguards for the security of the information after the change of purpose. Finally, as a response mechanism to the risk of information reuse, it is necessary to shift the focus of information governance from front-end control of information collection by the subject of personal information to back-end information processing. For example, additional information should be provided to information subjects and an opt-out mechanism should be provided, and administrative review should be introduced as a means of redress in cases where the use of the opt-out mechanism by the information subject is ineffective.